Authorization

To set the Authorization configuration options, including connection
permissions, token key, and encryption requirements, click
Configuration and modify values for the
Global, Groups, and Users tabs under
their respective Authorization tabs. Select
Override in the option's row to set an effective value.

The following table lists all configuration options on the Authorization
tab:

Setting

Description

Values

Default

Incoming Transfers

To enable users to transfer to this computer, leave the default setting of
allow. Set to deny to prevent transfers to this computer.
Set to token to allow only transfers initiated with valid tokens to
this computer. Token-based transfers are typically used by web applications such
as Faspex and require a Token Encryption Key.

allow, deny, or token

allow

Incoming External Provider URL

Set the URL of the external authorization provider for incoming transfers.
The default empty setting disables external authorization. Aspera servers can be
configured to check with an external authorization provider. This SOAP
authorization mechanism can be useful to organizations requiring custom
authorization rules. Requires a value for Incoming External Provider SOAP
Action.

HTTP URL

blank

Incoming External Provider SOAP Action

The SOAP action required by the external authorization provider for
incoming transfers. Required if External Authorization is enabled.

text string

blank

Outgoing Transfers

To enable users to transfer friom this computer, leave the default setting
of allow. Set to deny to prevent transfers from this computer.
Set to token to allow only transfers initiated with valid tokens from
this computer. Token-based transfers are typically used by web applications such
as Faspex and require a Token Encryption Key.

allow, deny, or token

allow

Outgoing External Provider URL

Set the URL of the external authorization provider for outgoing transfers.
The default empty setting disables external authorization. Aspera servers can be
configured to check with an external authorization provider. This SOAP
authorization mechanism can be useful to organizations requiring custom
authorization rules. Requires a value for Outgoing External Provider Soap
Action.

HTTP URL

blank

Outgoing External Provider Soap Action

The SOAP action required by the external authorization provider for
outgoing transfers. Required if External Authorization is enabled.

text string

blank

Token Encryption Cipher

Set the cipher used to generate encrypted authorization tokens.

aes-128, aes-192, or aes-256

aes-128

Token Encryption Key

Set the secret text phrase that will be used to authorize those transfers
configured to require token. Aspera recommends setting a token encryption key of
at least 20 random characters. For more information, see Configuring Token Authorization from the GUI.

text string

blank

Token Life (seconds)

Set the token expiration for users of web-based transfer
applications.

positive integer

86400 (24 hrs)

Token Filename Hash

Set the algorithm with which filenames inside transfer tokens should be
hashed. Use MD5 for backward compatibility.

sha1, md5, or sha-256

sha-256

Strong Password Required for Content
Encryption

Set to true to require the password for content encryption to
contain at least 6 characters, of which at least 1 is non-alphanumeric, at least
1 is a letter, and at least 1 is a digit.

true or false

false

Content Protection Secret

Enable server-side encryption-at-rest (EAR) using the specified passphrase.
Files uploaded to this server will be encrypted. Files downloaded will be
decrypted.

passphrase

(none)

Content Protection Required

Set to true to require that content be left encrypted at the destination.

Users are required to enter a password during upload to encrypt the
files on the server.

Users will be given the option when downloading to decrypt during
transfer.

true or false

false

Do encrypted transfers in FIPS-140-2-certified
encryption mode

Set to true for ascp to use a FIPS
140-2-certified encryption module. When enabled, transfer start is delayed while
the FIPS module is verified.

When you run ascp in FIPS
mode (that is, <fips_enabled> is set to true in
aspera.conf), and you use passphrase-protected SSH
keys, you must use keys generated by running ssh-keygen
in a FIPS-enabled system, or convert existing keys to a FIPS-compatible
format using a command such as the
following:

openssl pkcs8 -topk8 -v2 aes128 -inid_rsa-outnew-id_rsa

Important: When set to true, all ciphers and hash
algorithms that are not FIPS compliant will abort
transfers.

true or false

false

Encryption Allowed

Set the type of transfer encryption accepted by this computer. Set to
any to allow both encrypted and non-encrypted transfers to this
computer. Set to none to allow only non-encrypted transfers. Set to
aes-128 to allow only encrypted transfers.